Centre for Internet and Society

Art in the Open Source Age — A Talk by Gene Kogan

praskrishna — 2012-12-13T06:06:34Z

The Centre for Internet and Society is hosting a talk by Gene Kogan, a programmer and digital artist, at its office in Bangalore on November 30th, 2012, from 5.00 p.m. to 7.00 p.m.

Talk Summary

The open source movement has challenged longstanding assumptions about art practice. Communities of programmers and makers have collaborated online to create mature software development kits such as Processing and OpenFrameworks, as well as websites like Instructables.com where users can document and share their process. The rapid digitization of the blueprints for creative projects have greatly lowered the barrier to getting started.

These new tools and practices have greatly influenced the workflows that artists, designers, and technologists operate with, and have upended traditional notions of authorship and copyright. Techniques manipulating existing digital content have inspired much debate over legitimacy and authenticity. This talk will critically examine this new outlook and attempt to resolve some practical issues.

Gene Kogan

Gene Kogan is an American artist and programmer currently based out of Bangalore. He is interested in performance art, generative systems, and machine learning. He writes free software for negotiating high dimensional spaces to discover the unexpected and serendipitous. He is currently based out of Bangalore.

His work can be seen on his website at www.genekogan.com. You can also follow him on twitter at @genekogan.

VIDOE

For more details visit http://editors.cis-india.org/openness/events/art-in-the-open-source-age

Arrests over Facebook posts: Why we’re on a dangerous slide

praskrishna — 2012-11-20T11:47:43Z

The most bizarre thing about the arrest of Shaheen Dhada and Renu Srinivasan on Monday over a Facebook post that questioned the wisdom of a bandh to mark Shiv Sena leader Bal Thackeray‘s death is that no laws were actually violated by the post.

Venky Vembu's article was published in FirstPost on November 20, 2012. Pranesh Prakash is quoted.

In tone and in content, the post is remarkably restrained, particularly when compared to the rather more incendiary messages that are commonplace on social media platforms. Nor was it even halfways defamatory in the way that many rants on Twitter and Facebook have unfortunately come to be.

Yet, the Mumbai police appear to have cravenly capitulated in the face of some arm-twisting by a local Sena strongman and gone ahead to arrest the two young women on charges that seem laughable even given the extraordinarily sweeping, catch-all clauses of the Information Technology Act.

It is hard to see how Shaheen Dhada violated the two sections of the law under which she has been charged – Section 295A of the Indian Penal Code (“outraging religous feelings of any class”) or even the draconian Section 66A of the IT Act (“sending offensive messages through communication service, etc.”) – with her contemplative post, or what crimes Renu Srinivasan committed in merely ‘liking’ the post.

But it is a sign of the disquieting nature of the provision of the law, and the perverse manner in which it is being implemented, that there weren’t adequate checks and balances to inhibit the wilful deployment of the law on such frivolous grounds. Ironically, the goons who actually wrecked the clinic of Dhada’s uncle haven’t been called to account.

If that is bad enough, it is doubly perverse for Kapil Sibal to claim in all innocence that he is “deeply saddened” by the arrest of the two young women and to insinuate that the IT Act, which he was instrumental in passing, was being misused on grounds of improper implementation.

The fact of it is that the IT Act that he fathered, and particularly the notorious Section 66A, was deliberately worded to give maximum potential for mischief. There have been far too many egregious instances of its misuse by discredited governments and politicians for Sibal to claim that these are random incidents of misuse of the law. Just last month, Finance Minister P Chidambaram’s son Karti had a Puducherry businessmen and anti-corruption activist hauled up by the police for a Twitter post in which the businessman alleged that Karti had “amassed more wealth” than Sonia Gandhi‘s son-in-law.

It’s important to get a sense of why the latest arrests take us further on the slippery slope towards curtailing free speech. Justice Markandeya Katju has repeatedly pointed to the egregious encroachment on the freedom of speech by this provision of law, and has been vocal in calling both politicians and policemen to account whenever the law is abused in this manner.

“It is absurd to say that protesting against the bandh hurts religious sentiments,” Katju observed in a letter to the Maharashtra Chief Minister. “Under Article 19 of our Constitution, freedom of speech is guaranteed fundamental right. We are living in a democracy, not a fascist dictatorship.”

If anything, Katju argued, “this arrest itself appears to be a criminal act since under Sections 341 and 342, it is a crime to wrongfully arrest or wrongfully confine someone who has committed no crime.”

As Pranesh Prakash at the Centre for Internet and Society points out, in the context of Monday’s arrests, “This should not be seen merely as ‘social media regulation’, but as a restriction on freedom of speech and expression by both the law and the police.” Section 66A, he says, makes certain kinds of speech-activities (“causing annoyance”) illegal if communicated online, but legal if that same speech-activity is published in a newspaper.

This distinction is important, Prakash notes, since the mere fact that it was a Facebook status update “should not grant Shaheen Dhada any special immunity”. If anything, it is the fact that her update is not punishable under Section 295 of the IPC or of Section 66A of the IT Act that should give her the immunity, he adds.

With each instance in which Section 66A of the IT Act is being invoked, the potential for mischief embedded in the law is being exposed. Monday’s arrests – of two young women for crimes they did not even commit – are the most brazen instance of their abuse.

Of course, the perverse provision of law has been abused in the real world through selective and arbitrary invocation of the law. But the original sin lies in the law itself. It is the most potent threat to free speech online, and if the law isn’t amended to throw out these perverse provisions, India can kiss goodbye to any lingering pretensions to being a democracy of any sort.

For more details visit http://editors.cis-india.org/news/first-post-politics-venky-vembu-nov-20-2012-arrests-over-facebook-posts-why-were-on-a-dangerous-slide

Arrested for tweeting: Legitimate or Curbing Free Speech?

praskrishna — 2012-11-02T06:09:57Z

As a man in Puducherry is arrested for allegedly posting on Twitter that MR Chidambaram's son had amassed wealth more than that of Robert Vadra, we discuss whether freedom of speech is absolute.

Sunil Abraham along with Shivam Vij, Journalist and Blogger, SB Mishra, Additional DCP, Census Wing, Economic Offence Wing, Delhi Police, and Sanjay Pinto, Advocate, Madras High Court participated in this discussion aired in NDTV on October 31, 2012.

Watch the full video on NDTV

For more details visit http://editors.cis-india.org/news/ndtv-news-oct-31-2012-arrested-for-tweeting-legitimate-or-curbing-free-speech

Arrest of girl over Thackeray FB update a clear misuse of Sec 295A

praskrishna — 2012-11-20T12:00:53Z

The arrest of 21-year-old Shaheen Dhada over her Facebook status update questioning the shutdown of Mumbai over Shiv Sena supremo Bal Thackeray‘s death, is a clear misapplication of section 295 A of the Indian Penal Code (“outrage religious feelings of any class”), according to Pranesh Prakash of the Centre for Internet and Society.

The article was published in FirstPost on November 19, 2012. Pranesh Prakash is quoted.

In comments to Firstpost, Prakash said that this law had been misused numerous times in the state of Maharashtra.

“Even the banning of James Laine’s book Shivaji happened under section 295 A, and the ban was subsequently held to have been unlawful. What makes this seem ironic, and almost a parodic news report, is the fact that Bal Thackeray probably violated this provision more times than most other politicians, but was only charged under it once or twice”, he said.

Dhada’s status update reportedly read, “People like Thackeray are born and die daily and one should not observe a bandh for that.” A friend of hers who ‘liked’ the comment was also arrested.

Prakash said that the arrest called for a discussion on the regulation of speech and expression. “It being a Facebook status update should not grant it any special immunity; the fact of that update not being punishable under s.295 A should! It isn’t regulation of social media that needs to be discussed, but regulation of speech and expression”, he said.

News of the arrest has understandably drawn a lot of attention on social media, and forums like Facebook and Twitter reflected outrage at the news.

The Times of India also reported that a mob of Shiv Sena workers attacked and ransacked the girl’s uncle’s orthopaedic clinic at Palghar, even though she withdrew her comment and apologised.

For more details visit http://editors.cis-india.org/news/first-post-india-nov-19-2012-arrest-of-girl-over-thackeray-fb-update-clear-misuse-of-sec-295a

Around 130-135M Aadhaar Numbers published on 4 sites alone

praskrishna — 2017-05-20T10:52:26Z

“Therefore, there is no data leak, there is no systematic problem, but, if any one tries to be smart, the law ignites into action.” – Ravi Shankar Prasad, IT Minister, in the Rajya Sabha, on 10th April 2017.

The blog post by Nikhil Pahwa was published by Medianama on May 4, 2017.

Details of around 130-135 million Aadhaar Numbers, and around 100 million bank numbers have been leaked online by just four government schemes alone: the National Social Assistance Programme, the National Rural Employment Guarantee Scheme (NREGA), Daily Online Payments Reports under NREGA (Govt of Andhra Pradesh), and the Chandranna Bima Scheme (Govt of Andhra Pradesh), as per a research report from the Centre for Internet and Society.

Download the report here. Read full story on Medianama website.

For more details visit http://editors.cis-india.org/internet-governance/news/medianama-nikhil-pahwa-may-4-2017-around-130-135-m-aadhaar-numbers-published-on-four-sites-alone

Around 13 crore Aadhaar numbers easily available on government portals, says report

praskrishna — 2017-05-03T15:29:12Z

A report by The Centre for Internet and Society claimed that around 13 crore Aadhaar numbers and 10 crore bank account numbers were easily accessible on four government portals built to oversee welfare schemes. The document, released on Monday, pointed out that though it is illegal to reveal Aadhaar numbers, the government portals examined made it easy for anyone to access them, as well as other data about beneficiaries of welfare schemes including in many cases their bank account numbers.

This was published by Scroll.in on May 2, 2017.

The report suggests that the Aadhaar numbers leaked could actually be closer to 23 crore, if most of the government portals connected to direct benefit transfers used the same negligent standards for storing data as the ones examined. “It is extremely irresponsible on the part of the UIDAI [Unique Identification Authority of India], the sole governing body for this massive project, to turn a blind eye to the lack of standards prescribed for how other bodies shall deal with such data, such cases of massive public disclosures of this data, and the myriad ways in which it may used for mischief,” the authors of the report said.

The document also pointed out that the breaches are an indicator of “potentially irreversible privacy harm” and said the data could be used for financial fraud. The report authored by Amber Sinha and Srinivas Kodali studied the National Social Assistance Programme, National Rural Employment Guarantee Scheme, Andhra Pradesh government’s Chandranna Bima Scheme and Andhra Pradesh’s Daily Online Payment Reports of NREGA.

While the report said the Aadhaar initiative as a concept may be praiseworthy, the absence of adequate security could prove disastrous. “Sensitive personal identity information such as Aadhaar number, caste, religion, address, photographs and financial information are only a few clicks away and suggest how poorly conceived these initiatives are,” the report said.

The Centre had, on April 25, cautioned states against leaking Aadhaar information, after it emerged that a number of government websites were making it easy for people to access individuals’ Aadhaar numbers. The Unique Identification Authority of India also filed First Information Reports against eight private websites for collecting Aadhaar-related data from citizens in an unauthorised manner on April 19, but no such action appears to have been taken against government websites so far.

According to government data, the UIDAI has issued 112 crore Aadhaar numbers so far and has maintained that its biometrics database is tamper-proof, although it is up to various other authorities to maintain the secrecy of Aadhaar data collected or kept by them.

On April 21, the Supreme Court had questioned the Centre for making the Aadhaar card mandatory for a number of central schemes despite its repeated orders that the unique identification programme cannot be made mandatory. The government has nevertheless been expanding the scope of the Unique Identity project over the past few months by introducing it for initiatives such as the midday meal scheme of school lunches for children, and, most recently, requiring Aadhaar to file income tax returns.

In March, an Aadhaar enrolment agency had been de-registered for leaking the personal data of cricketer Mahendra Singh Dhoni.

For more details visit http://editors.cis-india.org/internet-governance/news/scroll-may-2-2017-around-13-crore-aadhaar-numbers-easily-available-on-government-portals-says-report

Arogya Setu App

praskrishna — 2021-06-26T06:38:14Z

People show Arogya Setu App installed in their phones while travelling by special New Delhi-Bilaspur train from New Delhi Railway Station. Credit: PTI File Photo

For more details visit http://editors.cis-india.org/home-images/ArogyaSetuApp.jpg

Arindrajit Basu

praskrishna — 2019-09-22T16:53:31Z

Arindrajit Basu

For more details visit http://editors.cis-india.org/home-images/Arindrajit.jpg

Are Elections Fair to People With Special Needs?

praskrishna — 2014-04-09T06:37:14Z

City-based think tanks have submitted a report to the Election Commission saying elections in India are unfriendly to people with disabilities.

The article by Papiya Bhattacharya was published in the New Indian Express on April 8, 2014. Dr. Nirmita Narasimhan is quoted.

The report, by the Centre for Internet and Society (CIS) and Centre for Law and Policy Research (CLPR), says there are several legal barriers that hinder the involvement of people with disabilities in elections.

The World Health Organisation (WHO) estimates that India is home to 150 million people with disabilities. While the Constitution of India and the Representation of People Act, 1951, gives people with disabilities the right to vote, the report says the community remains excluded from polling largely because of the inaccessibility of the physical environment of polling and lack of easily-available electoral information.

Dr. Nirmita Narasimhan, policy director of CIS and one of the authors of the study, says, “The report is based on feedback from the disabled. It would be nice if the Election Commission makes it easy for them to vote.”
She said registration of voters with disabilities has not been completed because there have been too few attempts to reach out to them.

The report concludes with recommendations to make the electoral process more inclusive. The suggestions include ensuring complete registration of voters with disabilities, use of technology to this end, training and sensitising voters with disabilities and improving information accessibility and election monitoring.

The report also inludes the results of a test conducted on the information accessibility in websites of EC and major political parties. The test revealed that most of the websites don’t conform to standards of web accessibility and are not disabled-friendly.

Steps Taken for Fair Polling: JHA

Chief Electoral Officer Anil Kumar Jha told Express that the Election Commission has instructed polling officers to ensure fair treatment to people with special needs. He said, “We have instructed polling officers to provide entry to specially-challenged people on priority. The visually-impaired can take a companion above the age of 18 to the polling booth for help. The electronic voting machines have Braille stickers on their side. If the voters know the serial number of the candidate, they can vote on their own.” He added that a ramp will be set up wherever feasible.

For more details visit http://editors.cis-india.org/news/new-indian-express-april-8-2014-papiya-bhattacharya-are-elections-fair-to-people-with-special-needs

Are Cab Apps safe?

praskrishna — 2014-12-27T17:01:39Z

Cab services are increasingly relying on mobile apps to book, track and charge you for journeys. While tech watchers say there is a digital trail.

Originally published by IBNLive on December 8, 2014. Sunil Abraham gave his inputs.

"You can always share your location, the app has a feature for you to share your location through the way to whoever is waiting at the other end," said Aprameya Radhakrishna, CEO Taxi For Sure.

There's also a major safety loopholes. "We have more complicated technological safegaurd. All the cab driver has to do is use a very primitive technique. He just has to pull off his battery and can ensure that he throws away the phone of the traveller, and no one would know," said Sunil Abraham, Head, Centre For Internet And Society.

So can you trust technology to safeguard you? Rest assured that someone will be monitoring your journey back in some control room?

People feel that there should be some kind of an automatically generated alert system. Had the tracker been switched off, that could have been a point of loophole.

Great degree of automation is possible here but finally it is the human oversight which is critical eventually, in any technology.

Technology, ultimately, doesn't have all the answers, can't provide all solutions against crime prevention. We have seen instances when criminals have attacked women in ATMs knowing full well they are caught on camera, we have seen attacks by unruly drivers at road toll booths, regardless of the surveillance cameras.

While technology helps in tracking digital footprints that a criminal has taken, it hasn't deterred the criminal from doing what he wants to. For that, we have to be on guard.

For more details visit http://editors.cis-india.org/internet-governance/news/ibn-live-december-8-2014-are-cab-apps-safe

Are biometrics hack-proof?

praskrishna — 2017-06-12T01:39:14Z

There are growing concerns over biometric security in India. We ask the experts if biometrics can really be hacked.

The article by Shaikh Zoaib Saleem was published by Livemint on June 11, 2017. Pranesh Prakash was quoted.

There are growing concerns over biometric security. A compromised password can be changed but not a stolen biometric. We ask experts about biometrics security in India.

Pranesh Prakash, policy director, The Centre for Internet & Society

Biometric devices are not hack-proof. It depends on the ease with which this can be done. In Malaysia, thieves who stole a car with a fingerprint-based ignition system simply chopped off the owner's finger. When a biometric attendance system was introduced at the Institute of Chemical Technology (ICT) in Mumbai, students continued giving proxies by using moulds made from Fevicol.

Earlier this year, researchers at NYU and Michigan State University revealed that they were able to generate a "MasterPrint", which is a "partial fingerprint that can be used to impersonate a large number of users". While there are potential safeguards, they require re-capturing everyone's biometrics.

Even other technologies like iris scanner, gait recognition, face recognition, and others, are getting better, but all have problems. Our laws haven't evolved either, leaving many unanswered questions: who can demand your biometrics and under what circumstances? Can your biometrics be captured without your consent? Who is liable for failure? What remedies does one have?

This is an evolving area of technology studies, and every day new kinds of attacks are discovered. Further, they are probabilistic technologies unlike passwords. Given this, if you seek a reliable identity verification system, it doesn't make sense to deploy a system exclusively based on biometrics.

Umesh Panchal, vice-president, Biomatiques Identification Solutions

Biometric devices are instruments delivering added security check functions over traditional methods and these devices can be hack-proof, if the process of exploiting vulnerabilities to gain unauthorised access to systems or resources, is taken care of. With liveliness detection, iris biometric devices are far more hack-proof than fingerprint devices. Even Pentagon has been hacked. Theoretically, a biometric device can internally store or copy fingerprints or iris scans. Depending upon the use-case and ecosystem, a biometric device can internally store templates. However, the UID system (Unique Identification Authority of India) doesn’t permit storage of any biometric data in any biometric devices.

Several security measures can be incorporated to ensure strong transaction security and end-to-end traceability to prevent misuse. This can be achieved by implementing specification of authentication ecosystem. These include deploying signed application, host and operator authentication, usage of multi-factor authentication, SMS/email alerts, encryption of sensitive data, biometric locking, device identification with unique device identifier for analytics/fraud management, eliminating use of stored biometrics and so on.

For a consumer, the device security is determined by the certification it holds from the competent certification authority.

Bryce Boland, chief technology officer-Asia Pacific, FireEye

Biometrics take many forms. Most often people think biometrics are the actually measured biological feature, but they are actually measurements of a feature turned into a sequence of data that is compared against another set of data. You don’t actually need the physical feature, you need the measurements to generate the sequence of data to make a match. If you can inject that data into a biometric, bypassing the reader, you can potentially trick a biometric system.

Most successful biometric implementations have a controlled enrolment process where identity validation is undertaken, and have physically secured, tamperproof and closely monitored readers. Systems like those used for passport biometric enrolment with restricted deployments of readers at airports are an example. Self-enrollment is prone to fraud. Widely distributed readers are prone to tampering. Insecure paths from readers to central credential repositories are prone to credential theft.

Once biometric information is stolen, it usually cannot be changed. So stolen data can potentially be used for a long time, creating problems. This isn’t the case for airport fingerprint readers, but it is a problem for biometric devices in the hands of the public. The best way to check this is to keep the system’s environment physically secured, tamperproof and closely monitored.

Rajesh Babu, CEO, Mirox Cyber Security & Technology

Biometrics devices can be hacked. They have fingerprint sensors, which only check the pattern. It is possible to recreate these patterns through various techniques. Technically, it is difficult to recreate biometrics from a high-resolution picture. However, by using other image rendering tools we can recreate the patterns. Security experts and hackers have already proved that they can bypass mobile fingerprint scanners using a collection of high-resolution photographs taken from different angles using standard photo cameras to make a latex replica print.

Most of the biometric scanners have a date set of all fingerprints and other identities inside the device database. Not every manufacturer in India undergoes enough security auditing. Most of the companies manufacture low-cost biometric devices which are highly vulnerable. These devices are imported from China and other countries but they do not conduct or go through any security audits in our country. They may have kernel level back doors, which are highly vulnerable and can lead to launch of an any kind of attack, including compromising an organization’s network. Only a handful of companies conduct audits of their products as part of security practice.

Organizations and the government must have a clear and concise Security Devices Policy based on standard applicable laws and regulation framework.

For more details visit http://editors.cis-india.org/internet-governance/news/livemint-june-11-2017-shaikh-zoaib-saleem-are-biometrics-hack-proof

Archives and Access

praskrishna — 2015-04-17T11:06:20Z

The monograph by Aparna Balachandran and Rochelle Pinto, is a material history of the Internet archives. It examines the role of the archivist and the changing relationship between the state and private archives for looking at the politics of subversion, preservation and value of archiving. By examining the Tamil Nadu and Goa state archives, along with the larger public and state archives in the country, the monograph looks at the materiality of archiving, the ambitions and aspirations of an archive, and why it is necessary to preserve archives, not as historical artefacts but as living interactive spaces of memory and remembrance. The findings have direct implications on various government and market impulses to digitise archives and show a clear link between opening up archives and other knowledge sources for breathing life into local and alternative histories.

Download the Monograph

For more details visit http://editors.cis-india.org/raw/histories-of-the-internet/blogs/archives-and-access/archives-and-access

Archives and Access

praskrishna — 2011-09-27T09:40:58Z

Aparna and Rochelle’s research is a material history of the Internet archives. It examines the role of the archivist and the changing relationship between the state and private archives for looking at the politics of subversion, preservation and value of archiving.

For more details visit http://editors.cis-india.org/raw/histories-of-the-internet/archives-and-access.pdf

Archives and Access

praskrishna — 2013-09-26T11:09:56Z

For more details visit http://editors.cis-india.org/raw/archives-and-access.pdf

Archives and Access

praskrishna — 2012-06-22T06:45:08Z

For more details visit http://editors.cis-india.org/home-images/archives.jpg